Anonymity networks such as Tor are a critical privacy-enabling technology. Tor's hidden services provide both client and server anonymity. They protect the location of the server hosting the service and provide encryption at every hop from a client to the hidden service. This paper presents CARONTE, a tool to automatically identify location leaks in hidden services, i.e., sensitive information in the content served by the hidden service or its configuration that discloses the server's IP address. Compared to prior techniques that deanonymize hidden services CARONTE implements a novel approach that does not rely on flaws on the Tor protocol and assumes an open-world, i.e., it does not require a short list of candidate servers known in advance. CARONTE visits the hidden service, extracts Internet endpoints and looks up unique strings from the hidden service's content, and examines the hidden service's certificate chain to extract candidate Internet endpoints where the hidden service could be hosted. Then, it validates those candidates by connecting to them. We apply CARONTE to 1,974 hidden services, fully recovering the IP address of 101 (5%) of them.
CARONTE: detecting location leaks for deanonymizing tor hidden services / S. Matic, K. P., C. J. - In: Conference on Computer and Communications Security[s.l] : Association for Computing Machinery, 2015. - ISBN 9781450338325. - pp. 1455-1466 (( Intervento presentato al 22. convegno ACM SIGSAC nel 2015 [10.1145/2810103.2813667].
CARONTE: detecting location leaks for deanonymizing tor hidden services
S. Matic;
2015
Abstract
Anonymity networks such as Tor are a critical privacy-enabling technology. Tor's hidden services provide both client and server anonymity. They protect the location of the server hosting the service and provide encryption at every hop from a client to the hidden service. This paper presents CARONTE, a tool to automatically identify location leaks in hidden services, i.e., sensitive information in the content served by the hidden service or its configuration that discloses the server's IP address. Compared to prior techniques that deanonymize hidden services CARONTE implements a novel approach that does not rely on flaws on the Tor protocol and assumes an open-world, i.e., it does not require a short list of candidate servers known in advance. CARONTE visits the hidden service, extracts Internet endpoints and looks up unique strings from the hidden service's content, and examines the hidden service's certificate chain to extract candidate Internet endpoints where the hidden service could be hosted. Then, it validates those candidates by connecting to them. We apply CARONTE to 1,974 hidden services, fully recovering the IP address of 101 (5%) of them.
| File | Dimensione | Formato | |
|---|---|---|---|
|
p1455-matic.pdf
accesso riservato
Tipologia:
Publisher's version/PDF
Dimensione
525.44 kB
Formato
Adobe PDF
|
525.44 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
